I'd like to know how to get started on enterprise-grade networking for my homelab.
For the router, I'd really prefer to go with OPNsense - I host quite a few Internet-facing services (like GitLab) and want a decent firewall to keep the network safe. My requirements are as follows:
- We have Fiber (GPON) internet connectivity. From my understanding, this means that I'd need a device with SFP/SFP+ support and a complementing SFP module.
- We are currently using a non-ISP home-grade router, and we got it working by cloning the GPON module's serial number, so I presume that won't be a showstopper.
- I'd like to have four isolated VLANs, so I'd assume I need a device with at least 4 Ethernet ports.
- I've seen some posts regarding how this can be done with a single port and a managed switch. Would this still be as secure as having separate ports? (We have a bunch of security cameras hooked up to unmanaged switches and wanted to isolate those from the rest of the LAN. If they get hacked, I don't want something simple like spoofing to allow one to jump VLANs.)
- I'd like support for WireGuard, which I get for free with OPNsense.
From my research, a mini PC would fit my power requirements, but doesn't match my hardware (port) requirements. They are also a big gamble, since there are not many reviews of them (on Amazon at least). The popular one on Reddit, Qotom, seems to no longer sell on Amazon.
I'd like some room for growth, and the modularity of a PC would be great, but the power draw, i.e. running costs, is simply too high to justify it for the desktop computers I know of. What would be the best way to go about this? Is there some middle ground between the two? Or should I buy a mini PC and just upgrade when I need to?